Re: Linux firewall question.
Henry Hollenberg speed@barney.iamerica.net
On Fri, 6 Mar 1998, Bernd Eckenfels wrote:
> > Speed:
> > The leaner the kernel is as far as the firewall is concerned, the
> > quicker it is able to handle packet forwarding/etc.
>
> A modularized kernel can be leaner, since it doesn't require compiles all the
> time to get rid of unwanted parts.
> > Security:
> > Having module support on a firewall machine invites the possibility
> > that one of the modules can be compromised through a trojan.
>
> This is also true for /sbin/init. I think the firewall has to be designed to
> be immutable/secure after a reboot (i.e. boot from read-only media) or/and
> do some checksums.
Not sure I follow the /sbin/init exploit, could you elaborate?
The systems I've just got in have (2) 2 gig SCSI disks apiece and the
third has so many SCSI disks in it I've lost count....(2) 1 gigs, a 2 gig
and a 4 gig I think. Anyway this halving of my disk space was intentional
so I could do read only boot disks.
In fact I guess that's another part of this project...figuring out which
parts of the file system can go on the read only disk and which parts need
to go on a writable disk....Bernd are you game?
With CD-recordables around $400 and dropping vs $130 for a nice SCSI plain
CD-ROM putting the bootable parts on CD is a thought as well....Bernd?
hgh
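The two ideas raised in this exchange, putting the boot-critical part of the tree on read-only media and checksumming it, go together: whatever ends up on the read-only disk is exactly the set of files whose checksums should never change across reboots. The script below is an added example, not code from this thread or from Debian; it builds a sorted SHA-256 baseline of a directory that stands in for the read-only root (the sample tree, the file names `sbin/init` and `lib/modules/ip_masq.o`, and the baseline path are all constructed for the demo) and then verifies that tree against the baseline, reporting any file that was added, removed or altered.

```sh
#!/bin/sh
# Added example: checksum baseline for the read-only part of a firewall's
# filesystem. Not from the mailing-list thread; paths below are constructed.
set -u

# Hash one file with whichever SHA-256 tool the host provides.
_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# build_baseline ROOT OUTFILE
# Record "hash path" for every regular file under ROOT, sorted with a fixed
# locale so two runs over an unchanged tree produce byte-identical output.
build_baseline() {
    root=$1; out=$2
    : > "$out"
    find "$root" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s %s\n' "$(_hash "$f")" "$f" >> "$out"
    done
}

# verify_baseline ROOT BASELINE
# Rebuild the listing and diff it against the stored baseline. Prints each
# differing entry ("<" = expected, ">" = found) and returns 0 when the tree is
# unchanged, 1 when anything was added, removed or modified.
verify_baseline() {
    root=$1; base=$2
    tmp=$(mktemp)
    build_baseline "$root" "$tmp"
    if diff "$base" "$tmp" >/dev/null; then
        rm -f "$tmp"
        return 0
    fi
    diff "$base" "$tmp" | grep '^[<>]' || true
    rm -f "$tmp"
    return 1
}

# --- Constructed sample tree standing in for the read-only root ---
DEMO=$(mktemp -d)
mkdir -p "$DEMO/sbin" "$DEMO/lib/modules"
printf 'init\n'   > "$DEMO/sbin/init"                # constructed stand-in
printf 'module\n' > "$DEMO/lib/modules/ip_masq.o"    # constructed stand-in
BASELINE="$DEMO.baseline"

# Take the baseline once, ideally before the media is ever made writable.
build_baseline "$DEMO" "$BASELINE"

# A pristine tree verifies clean.
if verify_baseline "$DEMO" "$BASELINE"; then
    echo "pristine tree: clean"
fi

# Usage on a real system would be, e.g., at the end of the boot sequence:
#   verify_baseline / /floppy/baseline.sha256 || logger -p auth.alert "firewall baseline mismatch"
# with the baseline kept on media the running system cannot write to.
```

The baseline file itself has to live somewhere the firewall cannot alter (the read-only boot media, or a floppy, or a second host), otherwise an attacker who can change `/sbin/init` can just as easily regenerate the checksums to match.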
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@debian.org .